CVE-2011-2495

fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properlyrestrict access to /proc/#####/io files, which allows local users to obtainsensitive I/O statistics by polling a file, as demonstrated by discoveringthe length of another user's password.

Ubuntu-Description

Vasiliy Kulikov discovered that /proc/PID/io did not enforce accessrestrictions. A local attacker could exploit this to read certaininformation, leading to a loss of privacy.